Let’s take a look at phishing and how can we avoid it. Phishing refers to tricking users to gain access to private information of people such as their usernames, passwords, credit card information, etc.
Phishing attempts are masterminded by cyber attackers who masquerade as authentic or trustworthy entities to deceive users in order to extract and exploit sensitive user information.
The main difference between hacking and phishing is that hacking is gaining access to something that you can’t access yourself. On the other hand, the latter is in the guise of something that a user trusts, to gain sensitive exploitation.
Illustrating further with an example, if a cyber exploiter wants to steal your money, then they can either hack into your bank account by breaching the security systems of the bank as well as your personal online defense system; or
else they can simply send a phishing email urging you to reveal your netbanking password. If the bait is taken, then they can smoothly steal your money under your nose.
What happens in phishing attacks?
Phishing consists of employing social networking techniques such as emails, SMS, phone calls, social network sites to gain background information of the targeted user.
So, basically in a pre-phishing attempt, the attackers get hold of the victim’s name, job title, email address, phone number, etc. Then, using this information, they try to connect with the potential victim via an email or text
message, thereby concealing a malicious link or attachment in them.
As soon as they open the attachment or click on a web link, it exposes them to the malware or malicious website. Thereby, malware gets installed on the victim’s device to collect personal information, if the former option is opted for. Otherwise, if the user is redirected to a malicious website, then they may be urged to reveal personal and financial information.
How to Prevent Phishing Attacks?
Defense against phishing in order to avoid a phishing attack begins with learning and becoming aware of these kind of attacks through security awareness training. Here’s a few things you can do to avoid them.
➢ Watch out for website pop-ads and URL redirects.
➢ Check the URLs of email links before clicking them.
➢ Verify if the email sent is from an authentic source. It can be done by
cross-verifying with the sender, observing the sender’s email-id, the
subject line and the description in the email to spot discrepancies.
➢ If emails are from unknown sources, then avoid downloading attachments
or clicking on the links.
➢ Use antivirus, anti-spyware software.
➢ Anti-phishing toolbar can offer a great benefit.
➢ Employ a spam filter.
➢ Use phishing filters from Microsoft.
➢ Gateway email filters can be of immense utility.
➢ Desktop and network firewalls are highly recommended.